package com.ali.controller;

import com.ali.entity.User;
import com.ali.service.UserService;
import jakarta.annotation.Resource;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;

import java.util.List;
import java.util.Map;

@RestController
@RequestMapping("/user")
public class UserController {
    @Resource
    private UserService userService;

    @GetMapping("/all")
    public List<User> queryUser() {
        return userService.list();
    }

    /**
     * PreAuthorize：设置权限
     * hasAuthority：判断权限
     * hasRole：判断角色
     */
//    @PreAuthorize("hasAuthority('USER_ADD')")
    @PreAuthorize("hasRole('ADMIN')")
    @PostMapping("/add")
    public String add(@RequestBody Map<String, Object> param) {
        userService.saveUser(param);
        return "添加成功";
    }
}
